一文教会你,如何通过kubeadm,在生产环境部署K8S高可用集群(一):https://developer.aliyun.com/article/1495644
Run ‘kubectl get nodes’ to see this node join the cluster.
node节点加入:
kubeadm join 10.10.0.10:7443 --token abcdef.0123456789abcdef
–discovery-token-ca-cert-hash sha256:eac394f46b758da8502c3e25882584432f195c809d29c6038f0fcefc201c8fac
[root@node01 ~ ]# kubeadm join 10.10.0.10:7443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:eac394f46b758da8502c3e25882584432f195c809d29c6038f0fcefc201c8fac
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster…
[preflight] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -o yaml’
[kubelet-start] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”
[kubelet-start] Writing kubelet environment file with flags to file “/var/lib/kubelet/kubeadm-flags.env”
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap…
This node has joined the cluster:
Certificate signing request was sent to apiserver and a response was received.
The Kubelet was informed of the new secure connection details.
Run ‘kubectl get nodes’ on the control-plane to see this node join the cluster.
在master节点查看集群:
[root@master02 ~ ]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01 NotReady control-plane,master 60m v1.21.14
master02 NotReady control-plane,master 25m v1.21.14
master03 NotReady control-plane,master 7m40s v1.21.14
node01 NotReady 2m49s v1.21.14
node02 NotReady 33s v1.21.14
给node节点角色命名:
#可以看到node01、node02的ROLES角色为空,就表示这个节点是工作节点。
#可以把node01和node02的ROLES变成work,按照如下方法:
[root@master01 ~ ]# kubectl label node node01 node-role.kubernetes.io/worker=true
node/node01 labeled
[root@master01 ~ ]# kubectl label node node02 node-role.kubernetes.io/worker=true
node/node02 labeled
[root@master01 ~ ]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01 Ready control-plane,master 5h40m v1.21.14
node01 Ready worker 5h31m v1.21.14
node02 Ready worker 159m v1.21.14
[root@master01 ~ ]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-59d64cd4d4-2b6tt 0/1 Pending 0 92m
coredns-59d64cd4d4-7jlws 0/1 Pending 0 92m
etcd-master01 1/1 Running 0 92m
etcd-master02 1/1 Running 0 57m
etcd-master03 1/1 Running 0 38m
kube-apiserver-master01 1/1 Running 0 92m
kube-apiserver-master02 1/1 Running 0 57m
kube-apiserver-master03 1/1 Running 0 38m
kube-controller-manager-master01 1/1 Running 1 92m
kube-controller-manager-master02 1/1 Running 0 57m
kube-controller-manager-master03 1/1 Running 0 38m
kube-proxy-69dmp 1/1 Running 0 92m
kube-proxy-pswl9 1/1 Running 0 57m
kube-proxy-t567z 1/1 Running 0 34m
kube-proxy-wgh9t 1/1 Running 0 38m
kube-proxy-z4mk9 1/1 Running 0 31m
kube-scheduler-master01 1/1 Running 1 92m
kube-scheduler-master02 1/1 Running 0 57m
kube-scheduler-master03 1/1 Running 0 38m
tail -fn300 /var/log/messages
Jul 8 15:55:25 master03 kubelet: I0708 15:55:25.680936 22892 cni.go:239] “Unable to update cni config” err=“no networks found in /etc/cni/net.d”
Jul 8 15:55:26 master03 kubelet: E0708 15:55:26.743448 22892 kubelet.go:2211] “Container runtime network not ready” networkReady=“NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized”
是因为没装网络插件
5.Calico安装
Calico:https://www.projectcalico.org/
https://docs.projectcalico.org/getting-started/kubernetes/self-managed-onprem/onpremises
curl https://docs.projectcalico.org/manifests/calico.yaml -O 原版本
点击Manifest下载:
curl https://projectcalico.docs.tigera.io/manifests/calico.yaml -O 新版本
点击requirements 可以查看calico支持的kubernetes的版本
修改calico.yaml的以下位置,把注释取消,改成自己配置的podSubnet网段
- name: CALICO_IPV4POOL_CIDR
value: “172.16.0.0/12”
kubectl apply -f calico.yaml
[root@master01 ~ ]# kubectl apply -f calico.yaml
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
poddisruptionbudget.policy/calico-kube-controllers created
查看token秘钥:
[root@master01 ~ ]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
attachdetach-controller-token-4s7jv kubernetes.io/service-account-token 3 3h53m
bootstrap-signer-token-7tpd5 kubernetes.io/service-account-token 3 3h53m
bootstrap-token-abcdef bootstrap.kubernetes.io/token 6 3h53m 这个
calico-kube-controllers-token-rhbnf kubernetes.io/service-account-token 3 37m
[root@master01 ~ ]# kubectl get secret -n kube-system bootstrap-token-abcdef -oyaml
apiVersion: v1
data:
auth-extra-groups: c3lzdGVtOmJvb3RzdHJhcHBlcnM6a3ViZWFkbTpkZWZhdWx0LW5vZGUtdG9rZW4=
expiration: MjAyMi0wNy0wOVQxMzoxMDozMCswODowMA== token过期时间,是通过base64加密的,可以解密
token-id: YWJjZGVm
token-secret: MDEyMzQ1Njc4OWFiY2RlZg==
usage-bootstrap-authentication: dHJ1ZQ==
usage-bootstrap-signing: dHJ1ZQ==
kind: Secret
metadata:
creationTimestamp: “2022-07-08T05:10:30Z”
name: bootstrap-token-abcdef
namespace: kube-system
resourceVersion: “372”
uid: 83b63111-373a-471b-9530-bfbe55763326
type: bootstrap.kubernetes.io/token
[root@master01 ~ ]# echo “MjAyMi0wNy0wOVQxMzoxMDozMCswODowMA==”|base64 -d
2022-07-09T13:10:30+08:00[root@master01 ~ ]#
token一天就过期,过期后可以使用kubeadm来重新生成token
假如这个token过期,我们先把它删掉:
[root@master01 ~ ]# kubectl delete secret -n kube-system bootstrap-token-abcdef
secret “bootstrap-token-abcdef” deleted
重新生成node节点加入的token:
[root@master01 ~ ]# kubeadm token create --print-join-command
kubeadm join 10.10.0.10:7443 --token hbfk39.j5aj5rcejq401rhb --discovery-token-ca-cert-hash sha256:eac394f46b758da8502c3e25882584432f195c809d29c6038f0fcefc201c8fac
查看过期时间:
[root@master01 ~ ]# kubectl get secret bootstrap-token-hbfk39 -n kube-system -oyaml
apiVersion: v1
data:
auth-extra-groups: c3lzdGVtOmJvb3RzdHJhcHBlcnM6a3ViZWFkbTpkZWZhdWx0LW5vZGUtdG9rZW4=
expiration: MjAyMi0wNy0wOVQxNzoyMDo0NiswODowMA==
token-id: aGJmazM5
token-secret: ajVhajVyY2VqcTQwMXJoYg==
usage-bootstrap-authentication: dHJ1ZQ==
usage-bootstrap-signing: dHJ1ZQ==
kind: Secret
metadata:
creationTimestamp: “2022-07-08T09:20:48Z”
name: bootstrap-token-hbfk39
namespace: kube-system
resourceVersion: “23993”
uid: 2904221d-7da7-4656-8fc8-30c32cade8d1
type: bootstrap.kubernetes.io/token
生成master的 --certificate-key:
[root@master01 ~ ]# kubeadm init phase upload-certs --upload-certs
I0708 17:29:52.123627 105799 version.go:254] remote version is much newer: v1.24.2; falling back to: stable-1.21
[upload-certs] Storing the certificates in Secret “kubeadm-certs” in the “kube-system” Namespace
[upload-certs] Using certificate key:
35652b0c344704df60bdab4e4d2386b93d12f31d719263cddccbbcf32bb8764c
其他master加入只需要修改 --certificate-key为这个key即可
kubeadm join 10.10.0.10:7443 --token abcdef.0123456789abcdef
–discovery-token-ca-cert-hash sha256:35652b0c344704df60bdab4e4d2386b93d12f31d719263cddccbbcf32bb8764c --control-plane --certificate-key 35652b0c344704df60bdab4e4d2386b93d12f31d719263cddccbbcf32bb8764c
6.Metrics部署
在新版的Kubernetes中系统资源的采集均使用Metrics-server,可以通过Metrics采集节点和Pod的内存、磁盘、CPU和网络的使用率。
以前比较老的版本使用Heapster,现在已经被弃用
下载软件包:
git clone https://github.com/dotbalo/k8s-ha-install.git
安装metrics-server
·官网:https://github.com/kubernets-sigs/metrics-server
https://github.com/kubernetes-sigs/metrics-server
下载镜像和资源文件,并导入私有仓库
镜像导入
安装metrics-server
——rbac.yaml 授权控制器
——pdb.yaml 中断控制器
——development.yaml 主进程 metrics
——service.yaml 后端是 metrics 主进程的服务
——apiservice.yaml 注册集群API
下载软件包:
git clone https://github.com/dotbalo/k8s-ha-install.git
[root@master01 metrics-server-3.6.1 ]# pwd
/root/k8s-ha-install/metrics-server-3.6.1
安装:
[root@master01 metrics-server-3.6.1 ]# kubectl apply -f .
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
Warning: apiregistration.k8s.io/v1beta1 APIService is deprecated in v1.19+, unavailable in v1.22+; use apiregistration.k8s.io/v1 APIService
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
注:如果失败,删除metrics-server资源:
kubectl delete -f metrics-server.yaml
github官网下载安装metrics-server:
https://github.com/kubernetes-sigs/metrics-server/releases
https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.0/components.yaml
先修改两个地方:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-insecure-tls # 加上该启动参数
image: registry.cn-hangzhou.aliyuncs.com/zailushang/metrics-server:v0.6.0 # 国内集群,请替换成这个镜像
[root@master01 ~ ]# kubectl apply -f components.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
查看状态:
[root@master01 ~ ]# kubectl get pod -n kube-system -l k8s-app=metrics-server
NAME READY STATUS RESTARTS AGE
metrics-server-7f44b488b9-gljj2 1/1 Running 0 11m
kubectl top命令可显示节点和Pod对象的资源使用信息,它依赖于集群中的资源指标API来收集各项指标数据。
它包含有node和pod两个命令,可分别用于显示Node对象和Pod对象的相关资源占用率。
[root@master01 ~ ]# kubectl top nodes --use-protocol-buffers
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master01 282m 14% 1161Mi 62%
master02 333m 16% 1256Mi 67%
master03 296m 14% 1237Mi 66%
node01 134m 3% 1044Mi 55%
1、查看集群资源占用
[root@master01 ~ ]# kubectl top pod --use-protocol-buffers -A
NAMESPACE NAME CPU(cores) MEMORY(bytes)
kube-system calico-kube-controllers-69f595f8f8-9tgr4 2m 34Mi
kube-system calico-node-7htlt 31m 135Mi
kube-system calico-node-8j7zg 55m 80Mi
kube-system calico-node-rgwsf 32m 135Mi
kube-system calico-node-tgwjx 36m 143Mi
kube-system coredns-59d64cd4d4-2b6tt 3m 25Mi
kube-system coredns-59d64cd4d4-7jlws 5m 17Mi
kube-system etcd-master01 43m 89Mi
kube-system etcd-master02 59m 90Mi
kube-system etcd-master03 47m 88Mi
kube-system kube-apiserver-master01 72m 331Mi
kube-system kube-apiserver-master02 82m 384Mi
kube-system kube-apiserver-master03 88m 366Mi
kube-system kube-controller-manager-master01 2m 32Mi
kube-system kube-controller-manager-master02 20m 90Mi
kube-system kube-controller-manager-master03 3m 39Mi
kube-system kube-proxy-69dmp 1m 34Mi
kube-system kube-proxy-pswl9 1m 32Mi
kube-system kube-proxy-wgh9t 1m 30Mi
kube-system kube-proxy-wj5nm 1m 18Mi
kube-system kube-scheduler-master01 6m 30Mi
kube-system kube-scheduler-master02 4m 41Mi
kube-system kube-scheduler-master03 3m 35Mi
kube-system metrics-server-7f44b488b9-gljj2 5m 25Mi
kubernetes-dashboard dashboard-metrics-scraper-7c857855d9-rqwm5 1m 14Mi
kubernetes-dashboard kubernetes-dashboard-bcf9d8968-5wh7b 1m 25Mi
查看内存较大的pod,基于内存占用排序:
[root@k8s-master shell ]#kubectl top pod --use-protocol-buffers -A|sed 1d|awk -F “M” ‘{print $1}’|sort -k4nr
kube-logging es-cluster-0 91m 1148
kube-logging es-cluster-1 99m 1093
tools tools-7c45b75fd7-chxrx 1m 927
kube-logging es-cluster-2 86m 922
storage tfies-0 2m 887
monitor-sa prometheus-server-7474845b45-tvlck 38m 882
storage tfies-1 2m 822
cattle-prometheus prometheus-cluster-monitoring-0 21m 678
gateway gateway-69bfb5df5c-gm8zv 7m 559
查看节点详细信息:
kubectl describe node master01
7.Dashboard部署
官方GitHub:https://github.com/kubernetes/dashboard
在谷歌浏览器(Chrome)启动文件中加入启动参数,用于解决无法访问Dashboard的问题,参考图1-1:谷歌浏览器快捷键属性,目标文件的最后添加
–test-type --ignore-certificate-errors
安装最新版:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml
[root@master01 ~ ]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
如果不能安装,需要将文件打开复制出来编辑个yaml文件
查看dashboard:
[root@master01 ~ ]# kubectl get po -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-7c857855d9-tqhjk 1/1 Running 0 4m6s
kubernetes-dashboard-bcf9d8968-b9td5 1/1 Running 0 4m6s
更改dashboard的svc为NodePort:在每个宿主机上启动一个端口
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
[root@master01 ~ ]# kubectl get svc kubernetes-dashboard -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 192.168.20.101 443:31459/TCP 2d20h
根据自己的实例端口号,通过任意安装了kube-proxy的宿主机或者VIP的IP+端口即可访问到dashboard:
https://10.10.0.224:31459
查看有没有管理员用户:
[root@master01 ~ ]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk ‘{print $1}’)
创建管理员用户vim admin.yaml
[root@master01 ~ ]# vim admin.yaml apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system
查看token值:
[root@master01 ~ ]# kubectl apply -f admin.yaml -n kube-system serviceaccount/admin-user created clusterrolebinding.rbac.authorization.k8s.io/admin-user created [root@master01 ~ ]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') Name: admin-user-token-6dpml Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: a871d4cf-28a4-4d36-b3a7-917efbbace02 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1066 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlVFMHY0TjJuY3BzRmVPejRtZUFNSlp3TWs4bExNYjhpZWR0dVNDdEt3ZjgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTZkcG1sIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhODcxZDRjZi0yOGE0LTRkMzYtYjNhNy05MTdlZmJiYWNlMDIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.zdtLkxuyB3LpWbx7G24cbRMjlcS9LO1xnIkQrhUcPutqH_IDNMOD7a5KL-5QLVZoJyyf5_w6oAfsdK24fXcKspSrNiFbl_N79BP8Ktqur8NbP06giU3bFH4rhchjNaGJNkpkpl9j99_8tSIUPvH_BCQsLryynLwi9S7bsojEwG-iMLvtUbfuwudEaQv4oN-OfNcFNlqlSAMTAto65WtLhTn4YV6XAjSAFebrbhpnUs06_JRUdnpZooSuhkCquAW7cuKJbCTTkVly5jBuvdQA67cQsbb9V82k2S97NK6ov5WhXH2nY1GrMDPa5xLJD_kkUvOvVZXCfF2YelAwtr3oZQ
https://10.10.0.224:31459
选择token,输入token值即可登录
查看所有集群容器:
[root@master01 ~ ]# kubectl get pod --all-namespaces
集群验证:
kubernetes ip:service网段的第一个地址
[root@master01 ~ ]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 192.168.0.1 443/TCP 2d21h
DNS service网段第十个地址:
[root@master01 ~ ]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 192.168.0.10 53/UDP,53/TCP,9153/TCP 2d21h
metrics-server ClusterIP 192.168.233.65 443/TCP 2d16h
[root@master01 ~ ]# kubectl get pod --all-namespaces -owide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-69f595f8f8-9tgr4 1/1 Running 7 2d18h 172.20.59.200 master02
kube-system calico-node-7htlt 1/1 Running 2 2d18h 10.10.0.221 master02
kube-system calico-node-8j6gc 1/1 Running 2 2d18h 10.10.0.224 node01
kube-system calico-node-rgwsf 1/1 Running 5 2d18h 10.10.0.220 master01
kube-system calico-node-sxczq 0/1 Running 0 2d18h 10.10.0.225 node02
kube-system calico-node-tgwjx 1/1 Running 2 2d18h 10.10.0.223 master03
kube-system coredns-59d64cd4d4-2b6tt 1/1 Running 2 2d22h 172.20.59.199 master02
kube-system coredns-59d64cd4d4-7jlws 1/1 Running 2 2d22h 172.20.59.201 master02
kube-system etcd-master01 1/1 Running 9 2d22h 10.10.0.220 master01
kube-system etcd-master02 1/1 Running 6 2d21h 10.10.0.221 master02
kube-system etcd-master03 1/1 Running 6 2d21h 10.10.0.223 master03
kube-system kube-apiserver-master01 1/1 Running 12 2d22h 10.10.0.220 master01
kube-system kube-apiserver-master02 1/1 Running 10 2d21h 10.10.0.221 master02
kube-system kube-apiserver-master03 1/1 Running 14 2d21h 10.10.0.223 master03
kube-system kube-controller-manager-master01 1/1 Running 11 2d22h 10.10.0.220 master01
kube-system kube-controller-manager-master02 1/1 Running 6 2d21h 10.10.0.221 master02
kube-system kube-controller-manager-master03 1/1 Running 4 2d21h 10.10.0.223 master03
kube-system kube-proxy-69dmp 1/1 Running 4 2d22h 10.10.0.220 master01
kube-system kube-proxy-pswl9 1/1 Running 2 2d21h 10.10.0.221 master02
kube-system kube-proxy-t567z 1/1 Running 2 2d21h 10.10.0.224 node01
kube-system kube-proxy-wgh9t 1/1 Running 2 2d21h 10.10.0.223 master03
kube-system kube-proxy-z4mk9 1/1 Running 1 2d21h 10.10.0.225 node02
kube-system kube-scheduler-master01 1/1 Running 11 2d22h 10.10.0.220 master01
kube-system kube-scheduler-master02 1/1 Running 5 2d21h 10.10.0.221 master02
kube-system kube-scheduler-master03 1/1 Running 5 2d21h 10.10.0.223 master03
kube-system metrics-server-769bd9c6f4-hvtlq 0/1 CrashLoopBackOff 41 2d17h 172.29.55.9 node01
kubernetes-dashboard dashboard-metrics-scraper-7c857855d9-tqhjk 1/1 Running 2 2d17h 172.29.55.7 node01
kubernetes-dashboard kubernetes-dashboard-bcf9d8968-b9td5 1/1 Running 3 2d17h 172.29.55.8 node01
进入到容器中执行命令:
[root@master01 ~ ]# kubectl exec -it calico-node-8j6gc -n kube-system – sh
Defaulted container “calico-node” out of: calico-node, upgrade-ipam (init), install-cni (init)
sh-4.4#
查看日志:
[root@master01 ~ ]# kubectl logs -n kube-system metrics-server-769bd9c6f4-hvtlq
删除pod:
[root@master01 metrics-server-3.6.1 ]# kubectl delete pod metrics-server-769bd9c6f4-hvtlq -n kube-system
pod “metrics-server-769bd9c6f4-hvtlq” deleted
将Kube-proxy改为ipvs模式,因为在初始化集群的时候注释了ipvs配置,所以需要自行修改一下:
2.11 一些必须的配置更改
将Kube-proxy改为ipvs模式,因为在初始化集群的时候注释了ipvs配置,所以需要自行修改一下:
在master01节点执行
kubectl edit cm kube-proxy -n kube-system
mode: “ipvs”
注意事项
注意:kubeadm安装的集群,证书有效期默认是一年。
master节点的kube-apiserver、kube-scheduler、kube-controller-manager、etcd都是以容器运行的。
可以通过kubectl get po -n kube-system查看。
启动和二进制不同的是,kubelet的配置文件在/etc/sysconfig/Kubelet
其他组件的配置文件在/etc/kubernetes目录下,比如kube-apiserver.yaml,该yaml文件更改后,
kubelet会自动刷新配置,也就是会重启pod。不能再次创建该文件
dashboard使用过程中很不方便,浏览器里面的编辑,添加等操作都是yaml格式形式编辑的
国内开发的https://kuboard.cn/ 比较好用
https://kuboard.cn/install/v3/install-in-k8s.html#%E6%96%B9%E6%B3%95%E4%B8%80-%E4%BD%BF%E7%94%A8-hostpath-%E6%8F%90%E4%BE%9B%E6%8C%81%E4%B9%85%E5%8C%96
选择在线安装:
kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3.yaml
查看:
[root@master01 ~ ]# kubectl get nodes -n kuboard
NAME STATUS ROLES AGE VERSION
master01 Ready control-plane,master 3d3h v1.21.14
master02 Ready control-plane,master 3d3h v1.21.14
master03 Ready control-plane,master 3d2h v1.21.14
node01 Ready 167m v1.21.14
node02 NotReady 3d2h v1.21.14
查看服务:
[root@master01 ~ ]# kubectl get svc -n kuboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kuboard-v3 NodePort 192.168.16.221 80:30080/TCP,10081:30081/TCP,10081:30081/UDP 23m
访问 Kuboard
在浏览器中打开链接 http://your-node-ip-address:30080
输入初始用户名和密码,并登录
用户名: admin
密码: Kuboard123
在浏览器导入kuboard-agent
删除节点:
[root@master01 cfg ]# kubectl delete node master01